Site Reviews by Hammer Bro in the Norton Safe Web community Tue May 21 08:50:50 +0000 2013 http://safeweb.norton.com/profile/Hammer%20Bro Rating:- 0/5 Review:- Received this Website via compromised e-mail. Would avoid at all costs. A specific link was provided that I imagine will lead to a virus: http://www.waynegaming.de/meujyqdq/pdxtetriv/chyke=yduwv. I was NOT able to run this link against NoVirusThanks. That alone, is usually not a good sign. Beware, WOT has no intelligence for the site. Waynegaming is a front and points to: 212.227.133.20 which is LISTED in hpHosts for ATS or Ad/Tracking Server. Regards, H.B. Sat, 18 May 2013 04:19:31 +0000 http://safeweb.norton.com/report/show?url=waynegaming.de Site:- playdom.com Rating:- 3/5 Review:- Nothing but spam. Someone I know was signed up for this nonsense, yet, they didn’t sign up and now their inbox is being bombed with mail. What gripes me is the fact that these people do not have an extra layer of security in place to prevent unscrupulous characters from signing you up if they happen to come across some of your information say. The extra measure should be something only that person would know. A request to unsubscribe was put in; we will see if that will be honoured. Bottom line, have nothing to do with these guys, because, like a great reviewer once told me, where there is spam - - scam is sure to follow. Be well, H.B. Fri, 15 Mar 2013 05:26:06 +0000 http://safeweb.norton.com/report/show?url=playdom.com This is a malicious IP confirmed by N360 and hpHosts. Please see: http://hosts-file.net/default.asp?s=208.87.34.20. Regards, H.B. Sun, 10 Feb 2013 05:35:41 +0000 http://safeweb.norton.com/report/show?url=208.87.34.20 Site:- centralrewarddepot.winnersedgepicks.com Rating:- 0/5 Review:- Safe Web currently has this “winnersedgepicks” in the GREEN. Yet, WOT has it in the RED and, more specifically, N360 recently blocked a HIGH intrusion attempt from centralrewarddepot.winnersedgepicks.com. I believe the attack was fake Facebook survey. Is there any possibility Safe Web’s reputation for this domain can be amended to reflect danger? I just don’t want people to have a false sense of security. Regards, H.B. Mon, 04 Feb 2013 07:56:47 +0000 http://safeweb.norton.com/report/show?url=winnersedgepicks.com Rating:- 3/5 Review:- This “organisation” continually spams my inbox; however, I never signed up with them. Unless, someone else (without my permission) signed me up? I keep “reporting spam”, yet their pesky notifications are still going to my g-mail inbox! Annoying to say the least. Anyhow, WOT gives JobFox high marks, but, I believe their community, especially reviewer “KateDi” presents a more accurate portrait of this site. H.B. Reference:- http://www.mywot.com/en/scorecard/jobfox.com Fri, 07 Dec 2012 06:51:15 +0000 http://safeweb.norton.com/report/show?url=jobfox.com Rating:- 2/5 Review:- Received an e-mail on 12/3/2012 that came under the guise of the title. However, upon visiting UPS directly, a representative ran the “tracking number” - - it was invalid. There were “clickables” in this e-mail (probably all viruses) more specifically, there was a link with the root of c0120.com. According to URLVoid, this c0120 has been detected as problematic by both SURBL and WOT. They also warn that the domain is new so exercise caution. Upon further investigation, although URLVoid had indicated that c0120.com was flagged by SURBL and WOT (when I went to those sites directly) it looked as though WOT had not tested the site and SURBL had no listing for c0120.com. Unless, URLVoid was going by past information. Subsequently, I did even more investigation. If you do a rDNS look-up for the Current IP for c0120.com THAT is in the RED on hpHosts. Bottom line, if it wasn’t for the fact that someone in my family was expecting a package and the fact that this stupid e-mail went to my inbox versus junk folder (amazing considering that the only e-mails that should enter my inbox are those in my address book of which “UPS Quantum View” is most certainly not) I would have completely disregarded this. Furthermore, being that an actual employee from UPS verified that the tracking number in the e-mail was bogus, I would have nothing to do with “Quantum View”. Learn from my experience (as that is the wisest person of all) and don’t waste the time/energy/resources on a wild goose chase like this. I felt especially commissioned to post this at this time being that I know people will be expecting packages for the Holidays and I don’t want them to get taken. H.B. References:- 1.) http://urlvoid.com/scan/c0120.com/ 2.) http://hosts-file.net/?s=98.139.135.22 Thu, 06 Dec 2012 07:21:29 +0000 http://safeweb.norton.com/report/show?url=c0120.com Rating:- 5/5 Review:- Don’t get me wrong, the site (technologically) is sound and as far as limiting spam is light years ahead of both MSN and Yahoo! (the worst web-based e-mail!) However, the new mail interface is terrible. No contrast. You should see how angry people have gotten on their forum. A similar situation arose when Google instituted the “dark bar”. Just seems that they don’t listen to the people. Let Norton learn from this. Bottom line, despite my misgivings about G-Mail’s interface, I will continue to use their mail until something better comes along. H.B. Tue, 04 Dec 2012 10:29:55 +0000 http://safeweb.norton.com/report/show?url=mail.google.com Rating:- 1/5 Review:- Anouther IP that Malwarebytes’ successfully blocked. I would avoid. Norton, please perform further investigation into this. Thanks, H.B. Sun, 02 Dec 2012 07:55:19 +0000 http://safeweb.norton.com/report/show?url=46.246.111.20 Rating:- 2/5 Review:- I don’t know, some time back, my Malwarebytes’ program blocked this IP, therefore, I would avoid it and I think it behooves Norton to perform further investigation. Regards, H.B. Fri, 30 Nov 2012 05:47:07 +0000 http://safeweb.norton.com/report/show?url=78.140.138.109 Site:- http://www.kappamikey.com/index.php Rating:- 4/5 Review:- It’s Kappa Mikey! Website for all things pertaining to Nicktoons Network’s break-out hit documenting the life of Mikey Simon (voiced by Michael Sinterniklaas) a kid struggling to find his place amongst the beautiful people. From the pages I have tested, the site seems to be safe. Parents should be aware that this site does feature links to third-party sites, however. H.B. Wed, 28 Nov 2012 06:49:39 +0000 http://safeweb.norton.com/report/show?url=kappamikey.com Rating:- 5/5 Review:- For whatever reason, WOT seems to be taking a tremendous amount of fire on this forum and I’m not certain if it is all merited. Additionally, we are here primarily for the technological. I believe most of the recent critics have forgotten that. For example, I hold that there would be more preponderance and support for their arguments if, with a certain certitude, they could point to an attack whereupon entering the site produced a drive-by-download etc. From what we know, that is not the case, at least for now. For those unfamiliar, WOT is a Web reputation analysis service much in the same “vein” (if you will) as Site Advisor and Web Security Guard. Moreover, in my years of research, oftentimes they will have a more accurate portrait of a prospective site’s security than either of the aforementioned. In addition, is “g7w” indicative of the corporate structure of WOT much in the same manner as my relationship with Norton/Symantec? There is also this peculiar conception that they will not let their own site be rated? Funny, URLVoid is able to rate them. My criticism with WOT is much in the same manner of my critique concerning Safe Web. Raters completely disregarding the technological and the screenshot generator. Primarily to parents- You may think, “Oh, it is a security site, the children will be fine….” Hold that thought. Said children bring up security report for certain domains (which I will preclude for integrity) all of a sudden screenshot generator re-creates the Homepage for aforesaid domains - - as if they had visited them…. I realise the “generator” serves a purpose, however, is there a way of partially obfuscating it so the cure doesn’t become part of the disease? Bottom line, despite my criticism, I at least, will continue to rely upon Safe Web, WOT, and others when aggregating security intelligence. H.B. 5/5 Mon, 19 Nov 2012 08:43:54 +0000 http://safeweb.norton.com/report/show?url=mywot.com Site:- VRC.com Rating:- 3/5 Review:- Sometime back, I had reported on vikingrivercruises.com. Don’t be fooled. VRC.com is just another domain owned by them. Previously, I had upbraided them for sending me info on their cruises I did not request. I issued a 1/5. I have amended that to reflect suspicious/annoying 3/5 delineation. In my revised opinion, I’m saving the ignominious 1/5 for domains such as rong2007.net which is outright dangerous. Bottom line, because VRC.com is still under the masthead Viking River Cruises which has sent me both unsolicited messages via snail mail and e-mail, they retain the rating of 3/5 for annoyance. Interesting to note- WOT has only given VRC.com 70% as far as trustworthiness. H.B. 3/5 Sun, 18 Nov 2012 07:55:14 +0000 http://safeweb.norton.com/report/show?url=vrc.com Rating:- 0/5 Review:- Received this “domain” from a past contact, but, it was not really her. In sum, her account was compromised and the criminals (on her credibility) were trying to get those who received that e-mail to go to rong2007.net for supposedly great deals on I-Pad II. Complete phishing scam with rod and reel included - - avoid. WOT has thrown this domain in the RED for those so interested. Conclusion- If rong2007 is right - - I’ll take my chances being wrong, lol! H.B. 0/5 Sat, 17 Nov 2012 06:13:22 +0000 http://safeweb.norton.com/report/show?url=rong2007.net Review:- Look out. Hordes of “reviewers” have magically descended on Safe Web to bolster this site. What does that remind me of? Oh yes, the lowly tactics employed by Brothersoft some time back. Interesting to note, I did a “Google preview” of a page from this mysocialpeople and “rony semaan’s” (apparently a reviewer here) avatar was present there. Maybe he just wants to praise the site here and maybe there is no “smoking gun”, but I still find it suspicious that there are fourteen [14] positive reviews just in the span of one [1] day - - not even. You might find that with a site within the course of a week if lucky. Please keep in mind, because I have taken notice of this questionable behaviour, the same people who gave this site stellar reviews will most likely seek to marginalise my position. They will also explain, “Well, Safe Web believes the site to be safe….” The previous statement means nothing. Safe Web is not perfect. Just remember, I have warned you. Bottom line, until WOT establishes more of a reputation for this domain, I would not recommend using it. H.B. 3/5 Thu, 25 Oct 2012 06:23:22 +0000 http://safeweb.norton.com/report/show?url=mysocialpeople.com Review:- As of tonight, August 31, YouTube seems to be freezing/crashing. Could this be related to Norton’s parental controls? Is the site undergoing maintenance? I just hope it isn’t under attack. Please comment if you have more information. Regards, H.B. Sat, 01 Sep 2012 06:56:57 +0000 http://safeweb.norton.com/report/show?url=youtube.com Apparently, just an annoying Windows Update, guilty of high resource consumption and leaving multiple residual folders behind on C:\. Thu, 17 May 2012 05:29:53 +0000 http://safeweb.norton.com/report/show?url=hotfixinstaller.exe Small rating:- 1/5 Review:- Thought I received an e-mail from one of my friends, however, upon opening the e-mail, it was clearly a scam directing people to: images.indianewsreel.com. That’s not the worst of it. As I was still signed into my e-mail, all of a sudden, IE 8 BLOCKED files supposedly being downloaded to my system. Good catch IE 8. Attention all Symantec Employees: you may want to be on the lookout for this type of behaviour as it relates to e-mails. Good thing I’m not your average Hammer Bro. Many have criticised my ardent policy of keeping my “pop-up blocker” set to maximum. However, I would venture to say, that if it was not set to the maximum - - the remote attack would not have been blocked. Although I have scheduled more research to be done on this, for now, I wanted to ALERT the community as quick as possible. Interesting to note- WOT has thrown this “images.indianewsreel.com” in the RED. Norton, please re-evaluate. H.B. Tue, 24 Apr 2012 08:26:09 +0000 http://safeweb.norton.com/report/show?url=indianewsreel.com Review:- Recently, I perused the “Services” tab under MSCONFIG of my laptop running Windows XP Professional. I found something interesting: ohkdfa. I thought to myself, well, never heard of that one. Subsequently, I sought out venerated process bureaus i.e. Neuber and Uniblue Process Library. They were NOT able to verify it. I even “googled” it, and that did not yield any authoritative hits. There were obscure references - - and some sites were not even in English. I might go further into those results at another time, but, for now, I want to provide you guys with the places (that I have been able to identify) where this item lodged itself in my registry because, at least in my opinion, anything you can’t baseline through respected outfits is just downright suspicious and SHOULD be REMOVED. First place:- HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Shared Tools, MSConfig, services. Second place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet001, Enum, Root, LEGACY_OHKDFA. Third place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet001, Services, OHKDFA. Fourth place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet003, Enum, Root. Fifth place:- HKEY_LOCAL_MACHINE, SYSTEM, ControlSet003, Services, OHKDFA. Bottom line, the full damage or lack thereof is hard to assess being that there is no precursor. Although speculative, at best I would say something that facilitates spamming activity; at worst, a remote file inclusion that has been monitoring my test computer up until the time I found it. It is my hope that this review can at least serve as a foundation for those struggling to find information on this. I encourage forum leaders on here as well as people like SendOfJive from community.norton.com to “weigh in” (so to speak). Mon, 19 Mar 2012 05:26:08 +0000 http://safeweb.norton.com/report/show?url=ohkdfa.exe Site:- freelancer.com Small Rating:- 3/5 Review:- They start going into how a user associated with this domain, “has just left a review about you….” Really? I’m that important, eh? They go on, “feedback is hidden to let you provide feedback on the other party.” Sounds suspicious to me. Let’s bring this back down to Earth. The only “feedback” I’m leaving is on Safe Web to warn our community. Some aggregate intelligence for freelancer.com. SiteAdvisor- Green. WOT- Green. WOT’s community- red reviews outnumber green, 15 to 7. Trend Micro- safe. Google Safe Browsing- nothing suspicious. However, they uncover that it is hosted on SoftLayer. In my experience, in the past, SoftLayer was problematic to the place where Malwarebytes’ blocked it. URLVoid- clean. hpHosts- not listed. However, the two [2] additional matches for freelancer.com were EMD classification. MalwareURL- not listed. Malware Domain List- cites getafreelancer which I already reported on, and, netafreelancer.com for RFI. DNS-BH- no matches. According to Wikipedia, freelancer.com was once getafreelancer.com. Interesting. Apparently people have flagged freelancer.com on Complaints Board. I will provide the citation below. Just “Googling” freelancer.com scam brings up a gamut of results from a person on Ripoff Report excoriating it to someone on Yahoo! Answers saying it’s legit. Bottom line, although the aggregate intelligence seems split and (at times) more surrounding, because this site was highlighted in a spam e-mail, I’m going to be leery. H.B. Citations:- http://www.mywot.com/en/scorecard/freelancer.com http://www.google.com/safebrowsing/diagnostic?site=freelancer.com http://hosts-file.net/?s=freelancer.com&view=matches http://www.malwaredomainlist.com/mdl.php?search=freelancer.com&colsearch=All&quantity=50&inactive=on http://en.wikipedia.org/wiki/Freelancer.com http://www.complaintsboard.com/?search=freelancer.com&everything=Everything Sun, 27 Nov 2011 07:02:13 +0000 http://safeweb.norton.com/report/show?url=freelancer.com Site- Pokémon.com Title- Money, here’s lookin’ at you kid. Small rating- 5/5 Review- Pokémon.com central “hub” for all things Pokémon. I know, I know, real deep insight there. However, I really appreciate the fact that in the site’s TOS (Terms of Service) they emphasize, “parents should supervise their children’s online activities as diligently as they do their ‘real world’ activities….” So true. I mean, how many times do we see parents throw their kids on a computer in the library then walk away? Picture this sounding like Vince from ShamWoW!, “That’s a recipe for disaster….” On a personal note, Children need Pokémon. You may think that that is crazy, but I will explain why. Pokémon gives the kids something to hope for and that’s what it’s all about. Giving people hope. Pokémon teaches children essential life skills that translate directly to the real world. Skills including, but not limited to: character building, hard work, teamwork, and, that if you persevere and persist for the sake of excellence, there is NO limit to what you can accomplish. The next generation has to stay inspired, for they are the future. The future doctors who will cure Diabetes Type I, the future scientists to eliminate dependence on foreign oil. Our place in the cosmos is staked on them - - but it won’t happen if they don’t have inspiration, a necessary component required for “outside the box” thinking that brings about the aforementioned goals. I hold Pokémon to be at least one [1] source for that inspiration. Bottom line, my level 100 kadabra will kick all you’re butts! {:-D Mon, 14 Nov 2011 04:25:05 +0000 http://safeweb.norton.com/report/show?url=pokemon.com Title:- www.w3.org Subtitle:- Yeah, I’ll stick to E3. Rating:- 3/5 Tags:- Spam, Potential Scam, Potentially Dangerous. Review:- This w3 was another Website highlighted in the first spam e-mail I reviewed since I’m back. S.A.- Green. One [1] e-mail per month and five [5] green downloads. S.A.’s Community- Good (11), Spam (1), Adware, Spyware, or Viruses (12), Phishing or other scams (5). WOT- Green, with exceptional marks. WOT’s Community- pretty positive outside of two [2] reviewers. illyax flags w3 for phishing or other scams. Seattle John explains, “McAfee reports finding 3 virus, 2 trojans on this site. As you should do everywhere, SCAN before installing!” Google Safe Browsing- “Of the 505 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-06-13, and the last time suspicious content was found on this site was on 2011-06-11. Malicious software includes 5 worm(s), 2 virus. Successful infection resulted in an average of 1 new process(es) on the target machine.” My recommendation- Despite S.A. and WOT giving this domain a “pass”, the evidence from Google Safe Browsing is just damning. Maybe only certain sections of this domain have been abused - - that S.A. and WOT are not picking up on? All in all, because this domain came to me via spam, I’m going to be leery. Resources:- http://www.siteadvisor.com/sites/w3.org http://www.mywot.com/en/scorecard/w3.org http://www.google.com/safebrowsing/diagnostic?site=w3.org Sat, 30 Jul 2011 22:28:33 +0000 http://safeweb.norton.com/report/show?url=w3.org Subtitle:- I try not to freelance. Rating:- 3/5 Tags:- Spam, Potential Scam, Potentially Dangerous Review:- This domain was another highlighted by the spammer I just brought to the surface (FarahFawcett@designerslove.com). Community Intelligence for getafreelancer.com: S.A.- Green. S.A.’s community- spam (1), bad shopping experience (2). WOT- Green, with pretty high marks. WOT’s community- outside of jason_beiswanger, positive. Beiswanger stated, “This company steals money from people’s paypal accounts.” Malware Domain List- January 5, 2010, has getafreelancer.com listed; the problem was apparently a hidden Iframe. My recommendation- Although not seen as problematic by hpHosts, URLVoid, MalwareURL, Google Safe Browsing, and Malware Domain Blocklist, there were snags with SiteAdvisor’s community, a person from WOT’s community, and Malware Domain List. Maybe this domain has been abused, but being that I came across it from a spam e-mail, I would exercise caution. Also, just because a site is not listed in hpHosts does not necessarily make it safe - - that is clearly articulated on hpHost’s site. Resources:- http://www.siteadvisor.com/sites/getafreelancer.com http://www.mywot.com/en/scorecard/getafreelancer.com http://www.malwaredomainlist.com/mdl.php?search=getafreelancer.com&colsearch=All&quantity=All&inactive=on Thu, 09 Jun 2011 07:42:11 +0000 http://safeweb.norton.com/report/show?url=getafreelancer.com My Malwarebytes' program recently provided me a warning for the following I.P.: 91.205.96.8. Interestingly enough, it was a link provided by one of my professors for an assignment. Although I will eventually have to look into this further, because I'm tremendously busy currently, I at least wanted to give the community a "heads-up" in the meantime. H.B. 3/5 Sun, 27 Feb 2011 23:44:56 +0000 http://safeweb.norton.com/report/show?url=91.205.96.8 Review:- Personally, these sites where you can get a “one-night stand” don’t even merit a speck of my intelligence, however, the shills are at it once again. The following “reviewers” are representatives of A.F.F. and have issued positive reviews to over-inflate the community rating for the site. Those who can be disregarded include but are not necessarily limited to: Yogi100, boris5670, richpf, Pick-A-Card, zigpoet, Bill Hayes, Robin Johnstone, CLTHORPE, cancer6962, Garrick Douglas, Admin001, TBrazziel, muhamed altawaty, masterandslut647, Sharky1168, soton94, gee2000, Joseph J, andrema, William Blackwell, Doobie, HotRod56, avatarDriggs, and Maaddog. How could it be that all these people come out of the woodwork just about a day ago? Seems suspicious to me. Additionally, if you notice, not a gosh darn one of these shills has any other reviews to their name except for A.F.F. Coincidence? I would imagine, NOT. Be advised, the real reviews for this ignominious domain [outside of this review] begin on pp. 5. Then, some will be tempted to say, that the aforementioned people reviewed because Norton incorrectly categorized the site as malicious. Let me say this, 1.) I’m still skeptical. 2.) If Norton had this site in the “red”, it probably should have stayed as such. For those less educated, here is the aggregate intelligence for this A.F.F. SiteAdvisor = Green. However, cited for one [1] pop-up and the third-party cookie: hotbox.com. S.A.’s Community = Spam (42), Adware, spyware, or viruses (31), Browser Exploit (14), Excessive Popups (24), Bad Shopping Experience (5). WOT = Yellow. WOT’s Community = In the “yellow” for: Trustworthiness, Vendor Reliability, and Privacy. In the “red” for: Child Safety. Spam (18), Annoying ads or popups (17), Bad Customer Experience (9), Phishing or other scams (28), Malicious content, viruses (9), Browser Exploit (1), Spyware or Adware (5), Hateful, violent or illegal content (4), Ethical Issues (2), Useless (1). hpHosts = Engaged in Malware Distribution (EMD). URLVoid = “DANGEROUS”. Cited by Threat Log. Wikipedia has presented an interesting criticism of A.F.F. available at: http://en.wikipedia.org/wiki/Adult_FriendFinder. A.F.F. has also been cited for fraud and cheating by Complaints Board. Please see: http://www.complaintsboard.com/complaints/adult-friend-finder-c148231.html. Bottom line, I’m Team Rocket and I’m in your face! HA! HA! HA! Bet you didn’t expect that. Furthermore, if you post less than an intelligent comment on this review i.e., defending A.F.F., I will NOT respond back. H.B. 1/5 Resources:- 1.) http://www.siteadvisor.com/sites/adultfriendfinder.com 2.) http://www.mywot.com/en/scorecard/adultfriendfinder.com 3.) http://hosts-file.net/default.asp?s=adultfriendfinder.com 4.) http://www.urlvoid.com/ 5.) http://www.threatlog.com/search/adultfriendfinder.com 6.) http://en.wikipedia.org/wiki/Adult_FriendFinder 7.) http://www.complaintsboard.com/complaints/adult-friend-finder-c148231.html Mon, 10 Jan 2011 05:58:25 +0000 http://safeweb.norton.com/report/show?url=adultfriendfinder.com Review:- Except, there is no fun here. If you “Google” this I.P. address, it belongs to a site known as, “childfun.com”. hpHosts also verifies that Childfun belongs to 67.215.241.99. Supposedly, this is a good site where people can access fingerplays and other things that (apparently) children are interested in. I don’t care if Norton says that this site is safe. Whilst perusing the MBAM protection logs, it recorded that 324 attacks were successfully blocked from infiltrating my system. Here is the aggregate intelligence. S.A. = Green. S.A.’s Community = Adware, spyware, or viruses (1). Beware, the third-party tracking cookie, doubleclick.net, WILL be left on your prospective system. WOT = Lighter green. If you enter Norton.com into WOT you will see the differences in the shades of green. WOT’s Community = Only 71 for trustworthiness and only 88 for Child Safety. MalwareURL = NOT currently listed. hpHosts = NOT listed. However, they have issued a warning that, “The IP PTR associated with this record, does not resolve back to it’s original IP address. This is very bad practice.” URLVoid = At first, it said that the domain did not exist or was inaccessible. After running it a second time, it came back “CLEAN”. Malware Domain List = Nothing. Malware Domain Blocklist = Nothing. When I “Googled” “childfun and spam”, I found an interesting discussion board from http://www.webservertalk.com/ wherein someone referenced as “Jenny Wanderscheid” (jenny@childfun.com) was being accused of sending out unsolicited bulk e-mail. In the address I have provided, under resources, for Webservertalk, if you go to that page and scroll down a little, please note the box where “Shmuel (Seymour J.) Metz” is first highlighted. There, you will find the exchange where this “jenny@childfun.com” is being cited for criminality i.e., spamming activities. And, as Elena Hughes once said, “If they spam they will scam.” Please be advised, that if you visit the address I have provided for Webservertalk, they too, unfortunately, deploy tracking cookies. Remember to block them or do a “quick sweep” with Norton after visiting. Normally, I hate to direct people to sites that use third-party trackers, however, I felt that this resource was necessary to buttress my arguments. Bottom line, (I don’t know how many times I have to say this) leave the “fun” for Chuck E. Cheese, and, if you are smart, AVOID this “childfun.com”. H.B. “came to town” and all he left in Childfun’s stocking was HAMMERS!!! H.B. 1/5 Resources:- 1.) http://www.siteadvisor.com/sites/childfun.com 2.) http://www.mywot.com/en/scorecard/childfun.com 3.) http://www.malwareurl.com/listing-urls.php 4.) http://hosts-file.net/default.asp?s=childfun.com 5.) http://vscan.urlvoid.com/analysis/4dc06a0c203e88d6c38d6ab9f68e887a/Y2hpbGRmdW4tY29t/ 6.) http://www.malwaredomainlist.com/mdl.php?search=childfun.com&colsearch=All&quantity=50 7.) http://www.malwaredomains.com/wordpress/ 8.) http://www.webservertalk.com/archive154-2004-2-109415.html Sat, 25 Dec 2010 06:59:37 +0000 http://safeweb.norton.com/report/show?url=67.215.241.99 Review:- Besides being a “phake pharm”, here are the results from Site Advisor. S.A. = Green. S.A.’s Community = Spam (1), Phishing or other scams (3). WOT = RED. WOT’s Community = Spam (1), Phishing or other scams (1). Spam Cop cited. hpHosts = NOT listed, however, a warning was issued that, “ZeusTracker has identified this hostname as a known Zeus hostname. URLVoid = cited by SURBL, TrendMicro, and URIBL. Interesting. According to URLVoid, lifemednow.com came back “CLEAN” with respect to Zeus Tracker. URLVoid indicates that the IP Country is BA (Bosnia and Herzegovina). I also “Googled” this lifemednow.com. Not too many results. One “hit” was the one wherein I say, “more analysis required”, one from S.A., and one from a site Norton did not verify, therefore, I wasn’t going there. The one from S.A. really intrigued me. Whilst discussing another criminal domain (clickrxonline), if you scroll down, “HansTheBlueFrog” not only cites lifemednow for criminality, but a host of others. Please see: http://www.siteadvisor.cn/sites/clickrxonline.com/msgpage. Bottom line, support your local pharmacy, and avoid these criminals. Norton, please get up to speed with this. H.B. 1/5 Resources:- 1.) http://www.siteadvisor.com/sites/lifemednow.com 2.) http://www.mywot.com/en/scorecard/lifemednow.com 3.) http://hosts-file.net/default.asp?s=lifemednow.com 4.) http://www.urlvoid.com/ 5.) http://www.siteadvisor.cn/sites/clickrxonline.com/msgpage Mon, 13 Dec 2010 08:29:57 +0000 http://safeweb.norton.com/report/show?url=lifemednow.com Some time back, I shed light on the W.C. Funsource Monthly scam promulgated by programstop.com. However, whilst researching that scam, I came across another, perpetrated by funsourceinc.com. For verification, please see the comment by Richy at http://www.complaintsboard.com/complaints/fun-source-c275620.html. S.A. = Green. WOT = Oblivious. hpHosts = NOT listed, however, they indicate that the IP PTR regarding funsourceinc does not resolve, undesirable behavior. You can see this for yourself at: http://hosts-file.net/default.asp?s=funsourceinc.com. Bottom line, like I said once before, leave the “fun” for establishments such as Chuck E. Cheese. H.B. 1/5 Fri, 29 Oct 2010 23:12:53 +0000 http://safeweb.norton.com/report/show?url=funsourceinc.com Another that has spammed my MSN. S.A. = Green. hpHosts = No records found. Norton, please look into this further. H.B. 3/5 Tue, 26 Oct 2010 04:53:07 +0000 http://safeweb.norton.com/report/show?url=mail12info.com Another that has spammed my MSN. S.A. = Untested. WOT = Untested. hpHosts = no records found. H.B. 3/5 Tue, 26 Oct 2010 04:26:44 +0000 http://safeweb.norton.com/report/show?url=locorkscrew.com Another that has spammed my MSN. S.A. = Untested. WOT = Untested. hpHosts = No records found. H.B. 3/5 Tue, 26 Oct 2010 03:04:09 +0000 http://safeweb.norton.com/report/show?url=deiosso.net Another that has spammed my MSN. S.A. = Untested. WOT = Untested. hpHosts = No records found. H.B. 3/5 Tue, 26 Oct 2010 02:48:08 +0000 http://safeweb.norton.com/report/show?url=classicbuon.com Another that has spammed my MSN account. S.A. = Untested. WOT = Untested. hpHosts = No records found. H.B. 3/5 Sun, 24 Oct 2010 04:40:41 +0000 http://safeweb.norton.com/report/show?url=aubruschette.com I had to get out my sledge-hammer for these guys. This www.programstop.com is supposed to be the place where people can terminate their subscriptions to W.C. Funsource, however, both Funsource and Programstop are fraudulent. For verification you can go to the following links: http://www.complaintsboard.com/complaints/funsource-monthly-c60861.html and http://www.complaintsboard.com/complaints/programstopcom-c38966.html. I found out about this W.C. Funsource whilst working in the library. A patron explained how she thought this W.C. Funsource would be something nice for the kids, however, they re-billed her to the tune of almost $100! In my opinion, if you want “fun” stick with Chuck E. Cheese (awesome pizza). Regrettably, SiteAdvisor has this Programstop in the green. WOT (finally) has placed programstop in the yellow. H.B. 1/5. Fri, 03 Sep 2010 02:11:57 +0000 http://safeweb.norton.com/report/show?url=programstop.com I have removed my helmet in HONOR of the greatest OVERALL security program. On more than one occasion, NORTON has blocked malicious trojans from invading my system. Over the years, I have dealt with McAfee, Avast!, BitDefender, and Comodo, all of which either proved insufficient or detected false-positives. In my experience, I have NEVER had ANY false-positives with Norton and its comprehensiveness is UNMATCHED. It is due to the aforementioned, that I proudly say, “HELMET’S OFF!!!” and award Norton the coveted FIVE [5] out of FIVE [5] rating. Please keep in mind, that although this is my first 100% “all green” review, do NOT get used to it!!! I still have many MORE spammer domains that I must give the ill-repute 1 out of 5 to. Although I have been exceptionally busy, I figured that I could at least take some time out to bestow PRAISE upon Norton. H.B. Mon, 23 Aug 2010 04:37:46 +0000 http://safeweb.norton.com/report/show?url=norton.com This is another disreputable domain that has spammed my MSN e-mail. Apparently, SiteAdvisor (S.A.) has this queued for testing. WOT finally has this site in the "orange" with very poor statistics. H.B. 3/5 Thu, 12 Aug 2010 22:24:04 +0000 http://safeweb.norton.com/report/show?url=snowballcombat.com These disreputable people hacked my cousin’s e-mail account, and sent info about their sham site to everyone in her contact list. I am in her contact list. However, when I opened the e-mail that came from “her”, it just didn’t feel right. It did not sound like her at all. Sure enough, I researched efartrade.com, and it is a scam site. According to the WOT Web of Trust, this site not only hacks your e-mail, it will give you adware/spyware. This is the newest scam going. Thinking that say, someone you love, sent you advice about a great site to purchase products from, you unwittingly use the site and then they have you! Next comes the daunting task of re-establishing your credit score and alerting all those in your contact list that if they get a message from “you”, to disregard it. H.B. Mon, 21 Jun 2010 06:44:04 +0000 http://safeweb.norton.com/report/show?url=efartrade.com Yeah, this piesnowball.com is yet another disreputable domain that consistently spams my e-mail - - beware! H.B. Tue, 08 Jun 2010 04:36:40 +0000 http://safeweb.norton.com/report/show?url=piesnowball.com This is a direct quote from SiteAdvisor concerning this site, "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." SiteAdvisor's community has found the following to be true of the site: spam, phishing or other scams. Please pay particular attention to comments by our own Alexis Kauffmann as well as "DougW". Alexis Kauffmann notes that this disreputable domain has been blacklisted by Joe Wein at http://www.joewein.net/. For full disclosure of comments issued by SiteAdvisor's community with respect to this site, please go to: http://www.siteadvisor.com/sites/onlinemedicalplan.com. Additionally, onlinemedicalplan.com has been flagged by the WOT Web of Trust for the following: trustworthiness, vendor reliability, privacy, and child safety. Bottom line- I believe the overwhelming evidence speaks for itself. Norton, PLEASE PUT THIS ONE IN THE RED BEFORE IT CAUSES HARM!!! H.B. Wed, 19 May 2010 04:16:25 +0000 http://safeweb.norton.com/report/show?url=onlinemedicalplan.com Before I get into the inner-workings of this review, I noticed that I must have really angered someone on this forum. This person painstakingly took the time to vote me down on every one of my reviews. To that person, I just want you to know, that yes, I DID INTEND TO ANGER YOU. Anyhow, as for Viking cruises, this disreputable organization consistently spams my e-mail sending me information on their stupid cruises. I have never had dealings with this outfit nor have I ever requested information from them. How they got my e-mail I will never know. What am I going to do with a cruise anyway? Knowing my luck, pirates will come up the sides and ransack the boat while I'm on it. Bottom line, I will leave the Vikings to the history books and if you're smart, you will avoid this SPAMMER DOMAIN!!! H.B. Mon, 17 May 2010 00:23:46 +0000 http://safeweb.norton.com/report/show?url=vikingrivercruises.com Another site that spams my e-mail. Sun, 24 Jan 2010 22:23:56 +0000 http://safeweb.norton.com/report/show?url=medicalassistcentral.com Gamesradar is another site which is heavily advertised in Nintendo Power. However, parents must think twice before letting their children access this site. First, I shall discuss technological abnormalities within the site followed by moralist arguments. Lastly, I will provide my conclusion. From the technological side, I.E. 7 blocked the following cookie: http://twitter.com/status/user_timeline/GamesRadar.json?count=3&callback=jsonp1263723963546&_=1263723966359. There were annoying ads along the top and right sides of the pages of this site. Their “Sexy Fan Art” section loaded with errors on page on two occasions. While viewing images in this gallery, Malwarebytes’ Anti-Malware 1.44 successfully blocked malicious I.P.’s from invading my system. The first time, malicious I.P. 93.158.114.163 was blocked. Unfortunately, I did not take down the number of the image that yielded this malicious I.P., however, I made notes on subsequent images that yielded a malicious I.P. Still talking about their “Sexy Fan Art” gallery, images 208 – 210 yielded malicious I.P. 208.73.210.27. The load times for this site were atrocious. From a moralist perspective, parents must realize that this site features the following links right on their Homepage: “The sexiest game babes of 2009”, “Sexy Fan Art”, “Sexy Game Babes”, “Sexy Bayonetta Art”, “Sexy Cortana Art”, and “All the ‘sexy’.” Concerning “Sexy Fan Art” (where I discovered the malicious I.P.’s) they feature 374 really, pornographic depictions of cartoon women. Of the 374, 334 were directly traceable to www.deviantart.com, 1 was traceable to blogspot.com, 13 were traceable to www.imaginefx.com, 5 were traceable to http://www.reiq.co.uk, 1 was traceable to http://fyredrake.net, 1 was traceable to http://www.esthersanz.com, 1 was traceable to http://mysticalrenderings.com, 1 was traceable to http://www.nopinkponies.com, 2 were traceable to www.charlenechua.com, 2 had no attribution except one mentioned “HALO” and the other mentioned “halogoddess”, 6 had a dual location not only at deviantart.com but at the following: http://www.petite-madame.fr, http://www.thong-revolution.com, ghostfire.net, annarigby.com, www.cloudsgallery.com, and barachan.com. 6 had no attribution whatsoever, but if I had to wager, I would say that they were having to do with Halo. 1 came from http://ghostfire.de. I believe that it is very important for parents to be on the lookout for these other deviant sites (that Gamesradar highlighted) so they can safeguard their children more. Blogspot has been condemned by both Safe Web and SiteAdvisor’s communities. According to SiteAdvisor, imaginefx.com will leave the third-party cookie intellitxt.com on your system. Reiq.co.uk links to jigglygirls.com a cartoon porn site that links to other cartoon porn sites. The Wot Web of Trust www.mywot.com has flagged charlenechua.com and thong-revolution.com for child safety. According to SiteAdvisor, cloudsgallery.com and barachan.com will leave the third-party cookie statcounter.com on your system. For the link, “Sexy Game Babes” they explain, “Where we throw caution to the wind and post 56 pictures of sexy game-related babes.” Here, they also suggest users go to snipurl.com. However, both the communities of SiteAdvisor and Mywot condemn this site as having spam, malicious content, phishing, and being a browser exploit. Still in the same vein as “Sexy Game Babes”, they provide users the following links: “Sexy Cosplay Gallery” and “Hot women as game characters in movies.” Under “Sexy Cosplay Gallery” depictions are traceable to the following: deviantart.com, cosplay.com, www.sasha-v.com, cosplaykitten.com, acparadise.com, risingsun.net, www.ng-master.com, darkain.com, www.aurarinoa.it, www.cutekrystal.com, and http://yukicosplay.com. Acparadise.com will leave the third-party cookie bettertechservices.com on your system. Darkain.com will leave the third-party cookie youtube.com on your system. SiteAdvisor has found that yukicosplay.com can connect with bravenet.com that can connect people to malicious sites. SiteAdvisor’s community has found the following problems with bravenet.com: spam, adware, spyware, viruses, browser exploit, excessive popups, phishing and other scams, and bad shopping experience. Moreover, bravenet.com will leave the following third-party cookie on your system: specificclick.net. Under “Hot women as game characters in movies”, there is an article entitled, “11 hot women that have played game characters in movies”. Themes in this article include “Breast physics” and bisexuality. They also depict a computer generated (CG) image of a woman nude (frontal) with pictures of a man’s head censoring her private parts. Gamesradar.com uses lowly expressions in their articles e.g. “piss-poor” and “goddamn”. They have another article entitled, “Games vs. Girls: Which is best.” Here, they put women on the same plane as stupid video games. This is demeaning and leads to the objectification of women which affects civil society holistically. Another link from their Homepage is “Sexy Bayonetta Art”. Here, they have an article entitled, “The sexiest new characters of the decade” wherein they highlight “MISS 2008: Zoey” in which they feature another computer generated woman nude in what appears to be a hot tub. Another link within Gamesradar is for, “The 10 most shocking game moments of the decade.” Their description for this link is as follows: “A decade’s worth of game taboo breakers dredged together into one filthy list.” Here, they have age-gated videos. The concept of age-gated videos is so asinine because all someone has to do is falsify a date of birth and then they can access this horrid content. Still concerning the aforementioned article, they provide another link that states, “Next: Full-frontal nudity, snuff movies and pissing on people…” If a user clicks that, then they will go to “GTA IV: Lost and Damned Full-frontal male nudity 2008”. On this page, there is also a link that will direct people to a section on incest. From there, they discuss Grand Theft Auto III “Picking up prostitutes” dated 2001. There is another link on their Homepage for “Sexy Cortana Art”. Here, there are more inappropriate depictions. Just because users create these images with a cyborgesque look, they think that they can justify what is nothing more than nude cartoons. Still under “Sexy Cortana Art”, users can see the following Web addresses: www.reiq.co.uk, bungie.net, barachan.com, and www.xeracx.com. According to SiteAdvisor, bungie.net will leave the following third-party cookie on your system: quantserve.com. SiteAdvisor’s community has reported this site as having phishing or other scams and a bad shopping experience. Xeracx.com has been flagged by Mywot for child safety. Another link on their Homepage is for “All the ‘sexy’.” If users click that they will have access to three pages of links choc-full of their dirty articles featuring sexual themes. Furthermore, Gamesradar provides their users with links to their sponsors. Their sponsors include but are not limited to: www.CatalogLink.com, www.Pronto.com, www.Dealtime.com, www.smarter.com, www.giftsofloveshop.com, www.rustybarbwireapparel.com, www.Best-Price.com, www.vinyldisorder.com, www.Shopping.com, and www.SHOP.com. Their description for CatalogLink.com is that users can access “Sexy Photo” there. Their description for Pronto.com is that users can “Find Sexy Hot Photos at Great Prices.” Their description for Dealtime.com is that users will be able to access “Sexy Photos” there. Their description for www.smarter.com is that users will be able to “Browse Website Sexy and other Software Products.” Their description for giftsofloveshop.com is that users will be able to access, “Gift baskets, luxurious lingerie, & romantic gifts for all occasions.” God only knows what “romantic gifts” include. Their description for rustybarbwireapparel.com is that this is, “Sexy Women’s Sexy! Free Shipping in USA.” Their description for Best-Price.com is that users can access, “Incredible prices. Find sexy photo & save up to 75% now.” Their description for vinyldisorder.com is that users will be able to access, “Strippers on Poles, Great for Cars! Huge Variety of Colors and sizes.” Their description for Shopping.com is that users will be able to access, “Deals on Photos Sexy. Online sale!” Their description for SHOP.com is that users will be able to access, “Photo Sexy”. One last note, before my conclusion, located near the bottom of Gamesradar’s Homepage they have a link for Future US, Inc. These are the people who publish Nintendo Power the “childrens” magazine. I have a suspicion that they are all in collusion with one another. Bottom line, between malicious I.P.s, unseemly tracking cookies, pages loading with numerous errors on multiple occasions, atrocious load times, unmitigated sexual themes, exposing children to numerous third-party sites (some of which are dangerous) despicable articles objectifying and demeaning women, foul language, videos with insufficient safeguards to lock minors out, uncivilized behaviors discussed in their articles, both you and your children should abstain from visiting this site at all costs as it is not fit for human consumption - - 1 out of 5! If I could rate it a zero, I would. Tue, 19 Jan 2010 19:39:43 +0000 http://safeweb.norton.com/report/show?url=gamesradar.com I was attempting to access this site because I thought it was a place where I could download themes from Windows 98 that would be compatible with XP. However, Malwarebytes’ Anti-Malware blocked it as malicious. Bottom line, this site will give you malware - - avoid 1 out of 5! Fri, 15 Jan 2010 20:25:45 +0000 http://safeweb.norton.com/report/show?url=174.37.71.212 Some have commented that MyWay is safe - - absolutely not! From the technological side, my sister’s computer was infected with four (4) pieces of malware directly traceable to MyWay. Here are the paths that Malwarebytes’ Anti-Malware discovered: C:\Program Files\MyWaySA(Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot. Bottom line, this site will give you malware, stay clear - - 1 out of 5! Sat, 09 Jan 2010 21:06:11 +0000 http://safeweb.norton.com/report/show?url=myway.com Some time back, Malwarebytes' Anti-Malware provided me with a warning for this IP and it is still listed in hpHosts (12/13/2012). I would avoid. Fri, 01 Jan 2010 21:28:47 +0000 http://safeweb.norton.com/report/show?url=68.178.232.99 Confirmed spammer domain. See commentary via www.siteadvisor.com/sites/doiop.com. Doiop is another great group of people that consistently spam my e-mail. Mon, 28 Dec 2009 22:11:09 +0000 http://safeweb.norton.com/report/show?url=doiop.com Before I start, let me just say, that I did take note when Norton scrubbed my reviews for the following: YouTube.com, Download.com, and Devianart.com. Hopefully, some of you were able to see those reviews before they were taken down. I still stand by those reviews, but will abide by the framework set forth by Norton, and not re-post those reviews until Norton provides me with more insight into why those reviews were removed. Concerning newsvine.com, I was attempting to post commentary on an MSNBC discussion forum when I was transferred to this site. From newsvine, I tried to "upload" a picture for my profile and the link would not work. Also, a suspicious window opened asking me to take a survey. I immediately closed that window out, I did not want to take a chance. In addition, newsvine's page loaded with errors and Microsoft issued a certificate warning for the site! I'm not sure if that means that their certificate has been revoked, but at that point, I definitely was not liking what I was seeing. Bottom line, this site was very frustrating to navigate through, 3 out of 5. Tue, 17 Nov 2009 19:35:35 +0000 http://safeweb.norton.com/report/show?url=newsvine.com Hello, I am Hammer Bro. This is my first evaluation and I approach this discussion forum not from any personal, ideological, or other engendered biases, but centered upon empirical and etiological experiences that I have had up until this point. If you value your system, do not download anything from gamingharbor.com. This site, located in Germany, will leave the most frustrating Ad-ware infection on your system referenced as "Adware. DoubleD". Other manifestations include, but are not necessarily limited to, "Media Access Startup", "Internet Savings Optimizer", and "System Search Dispatcher". If you find any of these rogue components on your system, delete immediately! Do not wait until problems arise. Norton was not able to fully remove this infection from my system. To comprehensively remove it, I had to employ Malwarebytes' Anti-Malware. At least for now, I find myself concurring with the "punkbuster". Tue, 29 Sep 2009 21:26:28 +0000 http://safeweb.norton.com/report/show?url=gamingharbor.com